Original issue 395 created by Google Code user hanno@hboeck.de on 2015-02-01T20:50:16.000Z:
The attached file will crash bsdcpio.
<b>What steps will reproduce the problem?</b>
1. bsdcpio -i < crash.cpio
2. segfault
<b>What version are you using?</b>
tried both 3.1.2 and current git.
<b>On what operating system?</b>
Linux
<b>How did you build? (cmake, configure, or pre-packaged binary)</b>
3.1.2 with configure, git with cmake
<b>What compiler or development environment (please include version)?</b>
gcc 4.9.2
<b>Please provide any additional information below.</b>
crash dump by valgrind:
==14051== Invalid read of size 8
==14051== at 0x4C2ECB0: memcpy@@GLIBC_2.14 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==14051== by 0x41AEAD: __archive_read_ahead (in /mnt/ram/libarchive/c/bin/bsdcpio)
==14051== by 0x42FDE7: header_bin_le (in /mnt/ram/libarchive/c/bin/bsdcpio)
==14051== by 0x430530: archive_read_format_cpio_read_header (in /mnt/ram/libarchive/c/bin/bsdcpio)
==14051== by 0x418B98: _archive_read_next_header (in /mnt/ram/libarchive/c/bin/bsdcpio)
==14051== by 0x40DFAE: main (in /mnt/ram/libarchive/c/bin/bsdcpio)
==14051== Address 0xffffffff8954c260 is not stack'd, malloc'd or (recently) free'd
I will also attach full valgrind and address sanitizer output.
This issue was found with american fuzzy lop.
Comment #2 originally posted by Google Code user hanno@hboeck.de on 2015-02-03T03:21:58.000Z:
ah, okay, I saw 394 but it talked about bsdtar, not bsdcpio, so I thought it must be a different issue.
I just checked current git and it hangs on the file. Is this the expected behaviour? (in bug 394 you mention that it just encodes a very large input file - so it may just do its job and try to decompress something big - GNU cpio also hangs)
Comment #3 originally posted by Google Code user tim@kientzle.com on 2015-02-07T06:09:07.000Z:
I'm not seeing the hang here. After applying the fix for bug 394, it seems to correctly fail with an error.
The only issue I do see: The error message is empty. I've just committed a fix for that.
If you're still seeing it with current git commit 24f5de6, please give me more details and I'll see if I can track it down.
Thank you!
See attachment: crash.cpio.asan.txt
See attachment: crash.cpio.valgrind.txt
See attachment: crash.cpio